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MEMORANDUM FOR: See Distribution 


FROM: | 

Director of Information Services, DDA 

SUBJECT: Evaluation of the Agency's Information Security 

Program by the Information Security Oversight 
Office 


1. For your information, attached is tire latest evaluation of the 
Agency's information security program prepared by the Information Security 
Oversight Office. As you will note, the findings generally are favorable 
and the recommendations for improvement relatively minor. 

2. Please thank the participants for their cooperation during this 
inspection and commend them for a job well done. 


STAT 


Attachment : 
As stated 
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SUBJECT: Evaluation of the Agency's information Security Program 
by the Information Security Oversight Office 


Distribution: 

Director, Intelligence Community Staff 
Director, National Foreign Assessment Center 
Chairman., National Intelligence Council 
Deputy Director for Operations 
Deputy Director for Science and Teclmology 
General Counsel 
Inspector General 
Comptroller 

Director, Equal Employment Opportunity 

Director of Personnel 

Director of Policy and Planning 

Executive Secretary 

Director of Communications 

Director of Data Processing 

Director of Finance 

Director of Logistics 

Director of Medical Services 

Director of Security 

Director of Training and Education 

Chief, Classification Review Division 

Chief, Information and Privacy Division 

Chief, Regulations Control Division 
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Mr. Harry E. Fitzwater 
Deputy Director for Administration 
Central Intelligence Agency 
Washington, DC 20505 

Dear Mr. Fitzwater: 

Over a period of several months analysts of the Information Security Oversight Office 
(ISOO) have conducted inspections of several Directorates and offices in the Central 
Intelligence Agency (CIA). The inspections were conducted in accordance with the 
provisions of Section 5-2, Executive Order 12065. We believe that the enclosed report, 
documenting the findings of the ISOO analysts, represents an accurate picture of those 
aspects of the programs evaluated and offers reasonable proposals for improvement. 

The review has shown that the CIA has an excellent information security program. I 
encourage the CIA to continue its support in implementing the provisions of the Order. 

I appreciate the cooperation and courtesy extended to ISOO analysts during the 
inspections. Be assured that ISOO will assist in any way possible to help your agency 
meet the goals of Executive Order 12065. 


Sincerely, 



Director 


ATTACHMENTS: 

1. Inspection Report 

2. Areas, Dates and Subjects of Inspection 
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ATTACHMENT NO. I 


INFORMATION SECURITY OVERSIGHT OFFICE 
INSPECTION OF THE CENTRAL INTELLIGENCE AGENCY 


I. GENERAL 

1 he Information Security Oversight Office (ISOO), established under Executive 
Urder 12065, is responsible for monitoring Executive branch agencies and their 
act'onsto implement the provisions of the Order. Overall policy direction is 
provided to ISOO by the National Security Council. Sections 5-202 (a) and (h) of 
the Order authorize ISOO to conduct onsite reviews of the information security 
program of each agency that handles classified information. In compliance with 
the above provisions, Jane Payne and Harold Mason, ISOO analysts, conducted 
five reviews of various phases of the Central Intelligence Agency's (CIA) 
information security program. Areas, dates and subjects of the inspection are 
provided on Attachment No. 2. . 

II. FINDINGS 


A * Stat us of Implementation . Throughout the CIA, there is consistency in 
marking, safeguarding, classification and general compliance with the 
provisions of the Order and ISOO Implementing Directive No. I. This is 
attributable to (I) excellent training provided to all personnel; (2) the use 
of specialized classification guides and (3) other programs that prescribe 
the requirements for the protection of Intelligence activities, sources, 
methods and other sensitive information. The inspections indicate that CIA 
personnel have an excellent understanding of the Order and comply with its 
provisions. 

I. Classification . 

a * Ori ginal Classification . Officials granted original classification 
authority are designated in writing and limited in number. 
Extensive use of classification guides limits the number of 
original classification decisions to a minimum. 

k* Identifi cation arid Markings. CIA's compliance with the portion 
marking provision of the Order is commendable. In many 
instances, documents reviewed contained subportion marking in 
addition to the portion marking. This is extremely beneficial to 
user agencies who incorporate or paraphrase information from 
CIA documents in subsequent reports. 

The manner in which CIA marks its documents, when utilizing a 
classification guide, is among the most complete and thorough of 
any agency the analysts have inspected. Instead of merely 
identifying the guide the classifier also identifies the section in 
which the subject matter is located; the person who derivatively 
classifies fhe document; the date for review or declassification; 
and the reason for extension, when extended. When more than 
one section of the guide is used, the classifier identifies the 
guides and sections after each paragraph and marks "multiple 
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source" in the "derived from" section of the stamped marking. 
This procedure enabled the ISOO anai/sts to conduct an audit 
trail in a minimum period of time. 

c * Derivative Classification. The CIA is one of the few agencies 
which identifies personnel authorized to classify derivatively . 
This is beneficial for administrative purposes. 

d. Classification Guides . Classification guides have been published 
for each of the four directorates and have been in use since 
1978. Recently, a consolidated guide has been prepared for the 
use of all four directorates. This consolidated guide is presently 
being coordinated within CIA prior to publication. 

2. Systematic R eview for Declassification. 

The present CIA commitment to the systematic review for 
declassification (SRD) program involves approximately 40 personnel 
with a budget in excess of $1 million (not including buildings, 
computer equipment, etc.). It is anticipated that the program will 
reach $20 million (including a 5 percent inflation factor) if continued 
until 1988. 

Administrative support for Freedom of Information Act (FOIA), SRD 
and mandatory review is provided by the same organizational unit. 
Declassified records are not segregated after review in order to 
maintain the integrity of the original files. However, CIA notifies the 
Carrollton Press whenever they declassify material. The CIA has set 
aside a reading room for release of information to the media, public 
interest groups and other members of the public to review 
declassified material upon request. 

3. Safeguarding . 

The CIA is in compliance with the safeguarding procedures 
established under the Order. 



B. Document Review. 



DDS & | The ISOO analysts reviewed reports in the Production 

and Analysis Branch which were compiled through overt collection 
procedures. One of these reports (TRENDS) is occasionally marked 
with a security classification such as "Confidential-declassify in six 
months." Since this report is based upon information already in the 
public domain (newspapers, radio broadcasts) the analysts challenged 
its justification. The CIA explained that they were currently 
conducting a six-month study into the propriety of using a security 
classification on this type of report. ISOO requests that it be 
apprised of the results of this study. 


b. DCI/OLC. Several minor marking deficiencies were noted, mainly 
concerning memoranda for the record; some lacked portion markings 
and others bore no markings other than the level of classification. 
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c. DDO/DCD. The majority of documents reviewed were original 
classification decisions and contained no portion marking. The 
analysts were informed that the reports contained raw intelligence 
information making it impossible to determine the proper portion 
markings. 

III. CONCLUSIONS 

The Central Intelligence Agency appears dedicated in its desire to comply fully 
with the provisions of the Order. Officials interviewed were cognizant of the 
Order and implementing directive and sincere in their desire to implement a 
strong information security program. 

IV. RECOMMENDATIONS 

1. After the study has been completed on the TRENDS report in DDS&T r I STAT 
and a determination made; provide ISOO with information on the decision. 

(Section II B a) 

2. Provide additional guidance to DCI/OLC on the proper procedures for- 
marking. (Section II B b) 

3. Determine if documents generated in DDO, 

(Section II B c) 


| can be portion marked. 25X1 
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ATTACHMENT No. 2 

AREAS, DATES AND SU3JECTS OF INSPECTION 


STAT 


STAT 


DATES 

AREA OF VISIT 

SUBJECTS 

FEB. 25, 1981 

DDA/OIS 

The Use of Computers to 
Enhance Security Briefing 


DDS & T Registry DDS & T's Computer Assisted 

Registry Briefing and 
Document Review 


NFAC/OER 

Briefing and Document 
Review 

March 18, 1981 

DDS & 

Briefing and Document. 
Review 


DDA/OIS 

Systematic Review for 
Declassification Briefing 

April 8, 1981 

DDA/ODP 

Project Safe Briefing 


NFAC/OCO 

Briefing and Document 
Review 


DCI/OLC 

Briefing and Document 
Review 

May 14, 198! 

DDA 

DDO 

/OiS 

Briefing on Classification 
Guides 

Briefing and Document 
Review 

June 23, 1981 

DDO/Geographical Document Review 

Area 


DDA/OIS 

Review- of Visits and Out 
Briefing 
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